Posted to commits@cxf.apache.org by co...@apache.org on 2018/05/02 13:01:59 UTC

[cxf] branch 3.1.x-fixes updated (760263b -> 4908a8b)

This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a change to branch 3.1.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git.


    from 760263b  Recording .gitmergeinfo Changes
     new 43f7f52  CXF-7733 - Support different signature algorithms for the SAML SSO filters
     new 4908a8b  Recording .gitmergeinfo Changes

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .gitmergeinfo                                               |  1 +
 .../rs/security/saml/sso/AbstractServiceProviderFilter.java | 13 +++++++++++--
 .../cxf/rs/security/saml/sso/SamlPostBindingFilter.java     |  2 +-
 .../cxf/rs/security/saml/sso/SamlRedirectBindingFilter.java |  7 ++++---
 4 files changed, 17 insertions(+), 6 deletions(-)


[cxf] 01/02: CXF-7733 - Support different signature algorithms for the SAML SSO filters

Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch 3.1.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git

commit 43f7f5219b6b8644d5374c1fade5116efb963e79
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Wed May 2 11:52:51 2018 +0100

    CXF-7733 - Support different signature algorithms for the SAML SSO filters
    
    (cherry picked from commit 4c69a8aba5bc41a46e9cfc68386be736c27269f2)
    
    # Conflicts:
    #	rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java
    #	rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlRedirectBindingFilter.java
---
 .../rs/security/saml/sso/AbstractServiceProviderFilter.java | 13 +++++++++++--
 .../cxf/rs/security/saml/sso/SamlPostBindingFilter.java     |  2 +-
 .../cxf/rs/security/saml/sso/SamlRedirectBindingFilter.java |  7 ++++---
 3 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java
index 801568f..b2c8ad4 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java
@@ -83,7 +83,8 @@ public abstract class AbstractServiceProviderFilter extends AbstractSSOSpHandler
     private String webAppDomain;
     private boolean addWebAppContext = true;
     private boolean addEndpointAddressToContext;
-    
+    private String signatureAlgorithm = SSOConstants.RSA_SHA1;
+
     public void setAddEndpointAddressToContext(boolean add) {
         addEndpointAddressToContext = add;
     }
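Review bot: The new `signatureAlgorithm` field has no comment saying what kind of value it holds or why it defaults to `SSOConstants.RSA_SHA1`. Judging by its later use with `JCEMapper.translateURItoJCEID`, it is a signature-algorithm URI, and keeping the old default means a service provider that never calls the setter goes on signing with SHA-1. I would add a field comment along the lines of `// Signature algorithm URI used to sign the request; defaults to RSA-SHA1 for backward compatibility, configure a SHA-2 algorithm where the IdP accepts it`.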
@@ -313,5 +314,13 @@ public abstract class AbstractServiceProviderFilter extends AbstractSSOSpHandler
     public void setAddWebAppContext(boolean addWebAppContext) {
         this.addWebAppContext = addWebAppContext;
     }
-        
+
+    public String getSignatureAlgorithm() {
+        return signatureAlgorithm;
+    }
+
+    public void setSignatureAlgorithm(String signatureAlgorithm) {
+        this.signatureAlgorithm = signatureAlgorithm;
+    }
+
 }
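Review bot: `setSignatureAlgorithm` stores whatever it is given, so a null or mistyped value is only discovered later, at signing time, in the binding filters. In the `SamlRedirectBindingFilter` hunks the value goes straight into `URLEncoder.encode(sigAlgo, ...)` and `JCEMapper.translateURItoJCEID(sigAlgo)` with no guard. Rejecting null in the setter, e.g. `if (signatureAlgorithm == null) { throw new IllegalArgumentException("signatureAlgorithm must not be null"); }`, would fail at configuration time instead. A Javadoc line on the setter stating that the argument is an algorithm URI such as `SSOConstants.RSA_SHA1` would also help callers.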
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlPostBindingFilter.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlPostBindingFilter.java
index 3e9353d..90d8826 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlPostBindingFilter.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlPostBindingFilter.java
@@ -132,7 +132,7 @@ public class SamlPostBindingFilter extends AbstractServiceProviderFilter {
             );
         }
 
-        String sigAlgo = SSOConstants.RSA_SHA1;
+        String sigAlgo = getSignatureAlgorithm();
         String pubKeyAlgo = issuerCerts[0].getPublicKey().getAlgorithm();
         LOG.fine("automatic sig algo detection: " + pubKeyAlgo);
         if (pubKeyAlgo.equalsIgnoreCase("DSA")) {
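Review bot: The configured algorithm is silently discarded when the issuer key is DSA. `sigAlgo` now starts from `getSignatureAlgorithm()`, but the `if (pubKeyAlgo.equalsIgnoreCase("DSA"))` branch that follows still overrides it; its body is outside this hunk, and the matching branch in the `SamlRedirectBindingFilter` hunk assigns `SSOConstants.DSA_SHA1`, so the same applies there. Nothing visible checks that a configured algorithm fits the key type either, so a mismatch would presumably show up only as a signing failure. Consider applying the DSA fallback only when the setting was left at its default, or at least logging that the configured value is being replaced, e.g. `LOG.fine("DSA key detected, overriding configured signature algorithm " + sigAlgo);`.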
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlRedirectBindingFilter.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlRedirectBindingFilter.java
index fd7d13d..bf41872 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlRedirectBindingFilter.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlRedirectBindingFilter.java
@@ -44,6 +44,7 @@ import org.apache.wss4j.common.crypto.CryptoType;
 import org.apache.wss4j.common.ext.WSPasswordCallback;
 import org.apache.wss4j.common.util.DOM2Writer;
 import org.apache.xml.security.utils.Base64;
+import org.apache.xml.security.algorithms.JCEMapper;
 import org.opensaml.saml.saml2.core.AuthnRequest;
 
 public class SamlRedirectBindingFilter extends AbstractServiceProviderFilter {
@@ -130,14 +131,13 @@ public class SamlRedirectBindingFilter extends AbstractServiceProviderFilter {
             );
         }
 
-        String sigAlgo = SSOConstants.RSA_SHA1;
+        String sigAlgo = getSignatureAlgorithm();
         String pubKeyAlgo = issuerCerts[0].getPublicKey().getAlgorithm();
-        String jceSigAlgo = "SHA1withRSA";
         LOG.fine("automatic sig algo detection: " + pubKeyAlgo);
         if (pubKeyAlgo.equalsIgnoreCase("DSA")) {
             sigAlgo = SSOConstants.DSA_SHA1;
-            jceSigAlgo = "SHA1withDSA";
         }
+
         LOG.fine("Using Signature algorithm " + sigAlgo);
         ub.queryParam(SSOConstants.SIG_ALG, URLEncoder.encode(sigAlgo, StandardCharsets.UTF_8.name()));
         
@@ -150,6 +150,7 @@ public class SamlRedirectBindingFilter extends AbstractServiceProviderFilter {
         PrivateKey privateKey = crypto.getPrivateKey(signatureUser, password);
         
         // Sign the request
+        String jceSigAlgo = JCEMapper.translateURItoJCEID(sigAlgo);
         Signature signature = Signature.getInstance(jceSigAlgo);
         signature.initSign(privateKey);
        
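Review bot: `JCEMapper.translateURItoJCEID(sigAlgo)` returns null for a URI it has no mapping for, and the result is passed unchecked to `Signature.getInstance(jceSigAlgo)`. Now that the algorithm is configurable, a typo or an unregistered URI would surface as an opaque failure from `Signature.getInstance` rather than a clear configuration error, and only after the `SigAlg` query parameter was already added in the previous hunk. A guard right after the lookup, such as `if (jceSigAlgo == null) { throw new IllegalStateException("Unsupported signature algorithm: " + sigAlgo); }`, would make the cause obvious; use whatever exception type the enclosing method, which continues outside the hunk, already reports. The lookup also appears to depend on the XML Security library's algorithm table having been initialised, which is not visible here.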


[cxf] 02/02: Recording .gitmergeinfo Changes

Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch 3.1.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git

commit 4908a8b0b7a0a1c7c7769938ee95e6751e5da772
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Wed May 2 11:54:26 2018 +0100

    Recording .gitmergeinfo Changes
---
 .gitmergeinfo                                                           | 1 +
 .../org/apache/cxf/rs/security/saml/sso/SamlRedirectBindingFilter.java  | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/.gitmergeinfo b/.gitmergeinfo
index e62f921..882907f 100644
--- a/.gitmergeinfo
+++ b/.gitmergeinfo
@@ -982,6 +982,7 @@ M 4aaa6cc53f694e61eede9c3ef90484fe8f4f3770
 M 4b0868a8ee6f53d8543860a458821c35ec2a79a2
 M 4b23cab79851b073d9902e504081c13db31145cb
 M 4b84baa96a71431bb471763765c188165f83c1ca
+M 4c69a8aba5bc41a46e9cfc68386be736c27269f2
 M 4d493d461f70864aa1b5cab7bcbfbc31a31cdc01
 M 4da18667296504ca698c392608e3f48062a4a53b
 M 4e46cb7d8d4ccb47aeff85b5b2804728ea4b736d
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlRedirectBindingFilter.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlRedirectBindingFilter.java
index bf41872..4d604cd 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlRedirectBindingFilter.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlRedirectBindingFilter.java
@@ -43,8 +43,8 @@ import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.crypto.CryptoType;
 import org.apache.wss4j.common.ext.WSPasswordCallback;
 import org.apache.wss4j.common.util.DOM2Writer;
-import org.apache.xml.security.utils.Base64;
 import org.apache.xml.security.algorithms.JCEMapper;
+import org.apache.xml.security.utils.Base64;
 import org.opensaml.saml.saml2.core.AuthnRequest;
 
 public class SamlRedirectBindingFilter extends AbstractServiceProviderFilter {
